package com.ruoyi.framework.security;

import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import java.util.Collection;

/**
 * 企业微信登录认证Token
 * 类似于UsernamePasswordAuthenticationToken
 * 
 * @author ruoyi
 */
public class QyWechatAuthenticationToken extends AbstractAuthenticationToken
{
    private static final long serialVersionUID = 1L;

    /**
     * 认证主体(登录前为企业微信用户ID,登录后为LoginUser)
     */
    private final Object principal;

    /**
     * 认证凭证(企业微信CorpID)
     */
    private Object credentials;

    /**
     * 创建未认证的Token(登录前)
     * 
     * @param qyUserId 企业微信用户ID
     * @param corpId 企业微信CorpID
     */
    public QyWechatAuthenticationToken(String qyUserId, String corpId)
    {
        super(null);
        this.principal = qyUserId;
        this.credentials = corpId;
        setAuthenticated(false);
    }

    /**
     * 创建已认证的Token(登录后)
     * 
     * @param principal 登录用户信息
     * @param credentials 凭证
     * @param authorities 权限列表
     */
    public QyWechatAuthenticationToken(Object principal, Object credentials, Collection<? extends GrantedAuthority> authorities)
    {
        super(authorities);
        this.principal = principal;
        this.credentials = credentials;
        super.setAuthenticated(true);
    }

    @Override
    public Object getCredentials()
    {
        return this.credentials;
    }

    @Override
    public Object getPrincipal()
    {
        return this.principal;
    }

    @Override
    public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException
    {
        if (isAuthenticated)
        {
            throw new IllegalArgumentException(
                "Cannot set this token to trusted - use constructor which takes a GrantedAuthority list instead");
        }
        super.setAuthenticated(false);
    }

    @Override
    public void eraseCredentials()
    {
        super.eraseCredentials();
        credentials = null;
    }
}